Gathering detailed insights and metrics for eslint-nibble-ignore
Gathering detailed insights and metrics for eslint-nibble-ignore
Ease into ESLint, by fixing one rule at a time
Installations
npm install eslint-nibble-ignoreDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
6.3.1
NPM Version
3.10.5
Score
41.4
Supply Chain
75.4
Quality
67.9
Maintenance
25
Vulnerability
96.5
License
Releases
30
Languages
1
JavaScript
JavaScript (100%)
Developer
IanVS
Download Statistics
Total Downloads
4,894
Last Day
1
Last Week
1
Last Month
20
Last Year
295
GitHub Statistics
MIT License
846 Stars
244 Commits
30 Forks
7 Watchers
6 Branches
14 Contributors
Updated on Jul 01, 2025
Bundle Size
205.00 B
Minified
154.00 B
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
3.0.0
Package Id
eslint-nibble-ignore@3.0.0
Size
97.14 kB
NPM Version
3.10.5
Node Version
6.3.1
Total Downloads
Cumulative downloads
Total Downloads
4,894
Last Day
0%
1
Compared to previous day
Last Week
-85.7%
1
Compared to previous week
Last Month
-20%
20
Compared to previous month
Last Year
123.5%
295
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
eslint-nibble
Sometimes running ESLint against an existing project and fixing the hundreds or thousands of errors is biting off more than you can chew. This will give a quick overview of your failing rules, and then show the detailed error reports for one rule at a time.
Major versions of this tool correspond to the major version of ESLint. This means eslint-nibble version 3.X will use the latest eslint 3.X.
Installation
1npm install eslint-nibble
You can also install eslint-nibble globally, but it is not recommended.
Instead, try installing eslint-nibble in your project without --save-dev (as shown above), because this tool is intended only to get you up and running. Once you're happy with your rules and your code, install eslint itself with npm install eslint --save-dev and use that for all your ongoing linting.
Usage
Add something like the following to your package.json file:
1"scripts": { 2 "nibble": "eslint-nibble lib/ tests/ index.js" 3}
This will run eslint against .js files in the lib/ and tests/ directories, as well as index.js.
Then, to run eslint-nibble, you can use:
1npm run nibble
Eslint-nibble will then display a rundown of the rules that are failing and a summary of the results, using eslint-stats and eslint-summary, and will ask you to pick a rule to work on:
Type in the name of the rule, and then a detailed list of the errors will be presented, using eslint-friendly-formatter. If you are using iTerm2 or Guake, you can set them up so that your text editor opens to the correct line when you click on the filename.
Options
--ext
If your javascript files have an extension other than .js, you can use the --ext flag to
specify which extensions to examine. For example, this will check all files ending in .jsx` or .js`:
1eslint-nibble --ext .jsx,.js lib/
globs
You are not limited to directory and file names as arguments, you can also specify a glob pattern. For example, to examine all .jsx files in "test/" directories within "lib/":
1eslint-nibble lib/**/test/**/*.jsx
Notes
This module does not make any decisions about which ESLint rules to run. Make sure your project has a .eslintrc file if you want ESLint to do anything. As of version 1.0.0, no rules are enabled by default.
No vulnerabilities found.
Reason
21 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
dependency not pinned by hash detected -- score normalized to 6
Details
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:26
- Info: 2 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'
- Warn: 'stale review dismissal' is disabled on branch 'main'
- Warn: branch 'main' does not require approvers
- Warn: codeowners review is not required on branch 'main'
- Warn: 'last push approval' is disabled on branch 'main'
- Warn: no status checks found to merge onto branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
Found 2/11 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Score
4.8
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More